The secure key for your digital life. Stores your data encrypted and secures access to your accounts. Protects against hackers and espionage – private and professional.

With Nitrokey Storage your data is stored securely encrypted and can be kept with you securely at all times. Hidden storage allows you to plausibly deny the existence of encrypted data. The Nitrokey Storage helps you to encrypt your emails and protect your accounts against identity theft. With strong hardware , made reliable thanks to open source, quality made in Germany.

USE CASES

For Anybody – Protection Against Mass Surveillance and Hackers

Protect Online Accounts Against Identity Theft
Nitrokey is your key for secure login to websites (e.g. Google, Facebook). One-time passwords (OTP) and conventional static passwords are supported.

Encrypt Emails
Encrypt your emails with GnuPG, OpenPGP, S/MIME, Thunderbird or Outlook. Your private keys are securely stored in the Nitrokey and cannot be exported or stolen.

Encrypt Files in the Mobile Storage Unit in Case of Loss
Carry important data around with you, always automatically hardware-encrypted in the Nitrokey Storage, independent of the operating system.

For Journalists – Source and Data Protection

Encrypt and Hide Data During Border Controls
Hide sensitive data on the Nitrokey Storage so that its existence cannot be proven. Hidden data is encrypted using an additional password and cannot be distinguished from empty storage space. By default no hidden volume is used. This allows you to plausibly deny the existence of encrypted data, for example during border controls.

Keep a Secure Operating System With you at all Times
Securely boot directly from Nitrokey Storage. Nitrokey Storage protects the system against manipulation, such as the installation of surveillance via "Evil Maid".

For Businesses, Chancelleries and the Self-Employed – Protect Sensitive Data

Protect Your Data Against Espionage
Encrypt field workers' entire hard drives by means of TrueCrypt/VeraCrypt or individual files by means of GnuPG. The private keys are thereby securely stored in the Nitrokey.

Active Directory Integration
Roll out certificates to the Nitrokey via central Active Directory.

Desktop Login
Log in easily at your local computer desktop with the Nitrokey.

For IT Administrators and Security Experts – Protect Critical Infrastructure

Securely Administrating Servers With SSH
Securely store your SSH key in the Nitrokey at all times. Your key is PIN-protected and cannot be exported or stolen from the Nitrokey. This means that you can bypass the insecure and tedious process of synchronizing key files between client systems.

Internet of Things (IoT) and Protecting Your own Products
Protect your own hardware products using Nitrokey integration. Ideal for remote maintenance and for ensuring product authenticity.

For Computer Manufacturers – Protect BIOS Integrity

Your users/customers verify the integrity of the computer BIOS with the help of Nitrokey and Verified Boot. The colored LED of the Nitrokey indicates, if the BIOS' integrity is intact (green) or a manipulation has been detected (red).

FEATURES

Hardware Encrypted Storage (16-64 GB)
Automatically encrypt your data with secure hardware encryption. Your files are protected against unauthorized access, whether you are at home, in the office, or traveling, and regardless of operating system or computer.

Hidden Storage for Highly Sensitive Data
Establish hidden volumes in order to plausibly deny the existence of additional encrypted data, for example during border controls. The hidden data is encrypted with a second, separate password and cannot be distinguished from empty storage space. By default no hidden volumes are used. This means, without the password, it is not possible to detect whether or not a hidden volume was created.

One-Time Passwords for Protecting Accounts Against Identity Theft
Protect your accounts against identity theft. One-time passwords (OTP) are generated in the Nitrokey and function as a secondary authentication factor (2FA) for logins (additional to your normal password). Thus, your accounts remain secure, even in the event that your passwords are stolen.

Secure Storage of Cryptographic Keys
Securely store your private keys for the encryption of emails, hard drives or individual files in the Nitrokey. They are thereby protected against loss, theft and malware, and can be kept with you at all times. Key backups protect against loss.

Secure Firmware Updates
Keep up-to-date with security and technology by firmware updates. Protect yourself against manipulated firmware by reviewing the authenticity and integrity of installed firmware yourself.

Password Manager
Securely store your passwords encrypted in the integrated password manager. This allows you to keep your passwords with you at all times and keep them protected even if the Nitrokey is lost.

Integrity Verification / Tamper Detection
Verify the integrity of the computer BIOS with the help of Verified Boot. The colored LED of the Nitrokey indicates, if the BIOS' integrity is intact (green) or a manipulation has been detected (red). Supported computers are required to have a BIOS based on Coreboot and Heads (e.g. Purism Librem, Insurgo PrivacyBeast, Nitrokey NitroPad).

Supported Systems and Interfaces

Windows, , MS Outlook, GnuPG, SSH, TrueCrypt/VeraCrypt, OpenSC CSP, OpenPGP, S/MIME, X.509, PKCS#11

One-time passwords are compatible with the two-factor authentication of most websites (e.g. Google, Facebook, Dropbox). An overview of OTP-compatible websites can be found at www.dongleauth.info

Windows, macOS, Linux, BSD

Technical Details

Storage capacity: 16-64GB depending on the model
Storage encryption: AES-256, CBC mode
Secure key storage: 3 key slots, RSA 2048-4096 bit, ECC 256-512 bit. Storage capacity: 51 KB EPROM total
Elliptic curves: NIST P-256, P-384, P-521 (secp256r1/prime256v1, secp384r1/prime384v1, secp521r1/prime521v1), brainpoolP256r1, brainpoolP384r1, brainpoolP512r1
External hash algorithms: SHA-256, SHA-384, SHA-512
One-time passwords: 3 x HOTP (RFC 4226), 15 x TOTP (RFC 6238), 1 x HOTP validation
Password manager: 16 entries
True random number generator (TRNG): 40 kbit/s
Tamper-resistant , OpenPGP Card 3.3
Life expectancy (MTBF, MTTF): > 100,000 PIN entries
Durability USB connector (EIA-364-09): > 1,500 mate and unmate cycles
Storage time: > 20 years
Activity indicator: two-colored LED
Hardware interface: USB 2.0, type A
Maximum supply current: 170 mA
Maximum power consumption: 850 mW
Size: 69 x 20 x 8 mm
Weight: 11 g
Compliance: FCC, CE, RoHS, WEEE, OSHwA

NITROKEY IS BETTER

High Security
Your private data and keys are always stored in the tamper-resistant and PIN-protected Nitrokey and are as such protected against , loss and theft. Brute force protection prevents against PIN guessing attacks by locking the device after 6 failed attempts. RSA keys of up to 4096 bit and AES with 256 bit are supported. Nitrokey Storage has already been reviewed by an independent auditing company and found to be secure (audit reports are publicly available).

Security Requires Open Source
Both hardware and firmware, tools and libraries are open source and , enabling independent security audits. Flexibly adaptable, no vendor lock-in, no security through obscurity, no hidden security flaws and backdoors.

No Backdoors
Installed firmware of Nitrokey Storage can be exported and verified, preventing attackers from inserting backdoors into products, for example during shipping. Nitrokey is open source and free of backdoors. All private keys are generated only by you and we have no access to your private information in the Nitrokey Storage.

Plausible Deniability
Nitrokey Storage is the only hardware solution worldwide with hidden encrypted storage. This allows you to plausibly deny the existence of encrypted data, for example during border controls.

Easy Integration
Nitrokey uses open interfaces and open source tools to enable easy integration into your systems. We can develop a customized solution for you on request.

Better Than Software
The Nitrokey hardware does not depend on an operating system and reliably protects your data and keys against theft, loss, user errors and malware.

Complete USB Connector
Unlike some of its competitors, Nitrokey has a complete and standard-compliant USB connector. This ensures plugging the device in and out several thousand times without connection issues. Anti-twist protection reduces support costs.

Made in Berlin
Nitrokey is developed and produced in Berlin resp. Germany. For the sake of higher quality and security, we do not use cheap overseas manufacturing.

Sustainability
The sustainable development and production of Nitrokeys contributes to a sustainable environment and society.

www.nitrokey.com

Version: 10/2020

Our Customers

GE Healthcare